This repository has been archived by the owner on Dec 31, 2023. It is now read-only.
seeques - Internal vault's balance for debt token is not updated upon liquidation #156
Labels
Disagree With (non-)Duplication
The sponsor disputed the duplication state of this issue
Duplicate
A valid issue that is a duplicate of an issue with `Has Duplicates` label
High
A valid High severity issue
Reward
A payout will be made for this issue
Will Fix
The sponsor confirmed this issue will be fixed
Comments
github-actions
bot
added
High
traceurl
added
Disagree With (non-)Duplication
|
Same issue as #211 and same fix PR |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
seeques
high
Internal vault's balance for debt token is not updated upon liquidation
Summary
There are two types of liquidation in DODO. The first one is public liquidatation, during which the liquidator covers pool's debt by transfering debt token to the vault and receives collateral with discount in exchange. The other one is performed by DODO team in case there is a bad debt in the pool and by the end of it the debt amount of debtToken is transfered to the vault. Both of them doesn't update vault's debt token balance thus making a descrepancy between the actual and internal token amounts.
Vulnerability Detail
The
liquidate()function takes as input the debtToCover parameter and then calls transferFrom on the debt token:Nowhere it updates the
assetInfo[debt].balance.Same with the
finishLiquidation()function. It transfers the debt amount but doesn'y update the internal balance:Impact
Since
assetInfo[token].balanceis used in some major vault's calculations (e.g. the dTokenAmount a user would receive on deposit or tokens on withdraw), not updating it might lead to wrong and unfair amounts minted or transfered.Code Snippet
https://github.com/sherlock-audit/2023-06-dodo/blob/main/new-dodo-v3/contracts/DODOV3MM/D3Vault/D3VaultLiquidation.sol#L30-L61
https://github.com/sherlock-audit/2023-06-dodo/blob/main/new-dodo-v3/contracts/DODOV3MM/D3Vault/D3VaultLiquidation.sol#L117-L152
https://github.com/sherlock-audit/2023-06-dodo/blob/main/new-dodo-v3/contracts/DODOV3MM/D3Vault/D3VaultFunding.sol#L33-L39
https://github.com/sherlock-audit/2023-06-dodo/blob/main/new-dodo-v3/contracts/DODOV3MM/D3Vault/D3VaultFunding.sol#L56-L58
Tool used
Manual Review
Recommendation
Update the internal vault's balance upon liquidataion
For
liquidate():info.balance += debtToCover;For
finishLiquidations():info.balance += debt;Duplicate of #211
The text was updated successfully, but these errors were encountered: